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Remarks 

The application has been reviewed in light of the Office Action dated March 3, 2005. Claims 
1 and 5 have been amended to correct formal matters not effecting the scope of the Claims. Claims 
9-26 have been added. Claims 1-26 are pending in the application, with claims 1, 5, 15, 19 and 23- 
26 being in independent form. 

Claims 1-14 were rejected under 35 U.S.C. 103(a) as allegedly obvious from U.S. Patent 
6,092,194 to Touboul in view of U.S. Patent 5,859,966 Hayman et al. Applicants have carefully 
considered the Examiner's comments and the cited art, and respectfully submit independent claims 1 
and 5 are patentable over the cited art, for at least the following reasons. 

Independent Claim 1 relates to a method for preventing hostile use of computer resources 
by an application running on a workstation. A list of services that are not allowed for access by 
unspecified applications is provided, and when such unspecified application runs on the 
workstation, the application is prevented from accessing any resource directly. Any direct or 
indirect request for access to specific services is analyzed, to determine whether such request is 
allowable according to the list. The workstation processes the request if it is allowable. The 
unspecified application is prevented from accessing the requested resource if the request is not 
allowable. The resource may be any local or remote resource, such as, memory allocation, files, 
directories, operations with files and directories, such as copy, delete or compress, or any other 
operation leading to a permanent change in the workstation or its periphery. 

Touboul, as understood by Applicants, relates to a system and method for preventing 
hostile downloadables from being downloaded to a computer or network and executed. In other 
words, Touboul blocks the undesirable application so that it never reaches and runs on the client 
computer (see, for example, Touboul, col. 2, lines 21-28 and col. 3, lines 10-13). 

-10- 



Doron ELGRESSY et al. S.N. 09/622,959 ■ Dkt. 0655/62931 

Page 11 of 14 

Hayman et al., as understood by Applicants, relates to a security system for computer 
systems that imposes specific limitations on who has access to the computer system and to 
exactly what operations and data. 

The Office Action acknowledges that Touboul does not explicitly disclose when and 
unspecified application runs on the workstation, preventing the application from accessing any 
resource directly. Column 7, lines 25-30 of Hayman et al. are cited as allegedly disclosing this 
feature. 

Hayman et al. describes dividing the totality of MAC hierarchies into a small number of 
distinct and non-overlapping regions as shown in Fig. 4, including an administrative region 41, a 
user region 42 and a virus prevention region 43. Hayman et al. further describes that all system 
executables are stored in the virus prevention region so they gain benefit of write-protection. 
That is, when a process runs a program, a copy of the program is made into memory allocated to 
that process. If the program contains malicious code which attempts to modify any objects in the 
virus prevention region, access will be denied (Col. 7, lines 18-30). 

Accordingly, as understood by Applicant, Touboul relates to a system that determines 
whether to allow or block incoming downloadables. Hayman et al. relates to a system that 
denies access to malicious code that attempts to modify objects in a virus prevention region. 

However, Applicants find no teaching or suggestion in the cited art of a method for 
preventing hostile use of computer resources by an application running on a workstation, comprising: 
providing a list of services that are not allowed for access by unspecified applications, when such 
unspecified application runs on the workstation, preventing the application from accessing any 
resource directly, analyzing any direct or indirect request for access to specific services, to 
determine whether such request is allowable according to the list, if the request is allowable, 
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allowing the workstation to process it and if the request is not allowable, preventing the 
unspecified application from accessing the requested resource, as recited in independent claim 1. 

Accordingly, Applicants submit independent claim 1 is patentable over the cited art. 
Independent claim 24 is believed to be patentable over the cited art for at least similar reasons. 

Applicants also find no teaching or suggestion in the cited art of an agent for protecting a 
workstation against the hostile use of computer resources by an unspecified application running 
on the workstation, comprising means for detecting an unspecified application running on the 
workstation, means for determining the requests for resources to be used by the unspecified 
application, etc, as recited in independent claim 5. 

Accordingly, Applicants submit independent claim 5 is also patentable over the cited art. 

The new independent claims are also believed to be patentable over the cited art. For 
example, Applicants find no teaching or suggestion in the cited art of a method for preventing 
hostile use of computer resources in a local network by an application running on a workstation in 
the local network, comprising providing a list of computer resources that cannot be used by certain 
applications downloaded from outside the workstation, determining whether computer resources in 
any direct or indirect request by the downloaded application to use computer resources is in the list 
of computer resources, such that the request is allowable, wherein if the request is allowable, 
allowing the workstation to use the computer resources requested and wherein if the request is not 
allowable, preventing the workstation from using the computer resources requested, as recited in 
independent claim 15. Independent claim 25 is believed to be patentable for at least similar reasons. 

Applicants also find no teaching or suggestion in the cited art of an agent for preventing 
hostile use of computer resources in a local network by an application running on a workstation in 
the local network, comprising means for detecting certain applications downloaded from outside the 
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workstation, means for identifying direct requests by the certain applications to use the computer 
resources, means for identifying indirect requests by the certain applications to use the computer 
resources, means for determining whether indirect requests by the certain applications would be 
allowable if made directly by the certain applications and means for preventing the workstation from 
using the requested computer resources when at least one of the direct or indirect requests is 
determined not to be allowable, as recited in independent claim 19. 

Applicants also find no teaching or suggestion in the cited art of a method for preventing 
hostile use of computer resources in a local network by an application running on a workstation in 
the local network, comprising providing a list of computer resources that are not allowed to be used 
by one or more applications downloaded from outside the workstation, determining whether any 
direct or indirect request by the one or more downloaded applications to use computer resources are 
allowable according to the list, allowing the workstation to process the direct or indirect request if 
the request is allowable and preventing the workstation from processing the direct or indirect request 
if the request is not allowable, as recited in independent claim 23. New independent claim 26 is 
believed to be patentable for at least similar reasons. 

The Office is hereby authorized to charge any additional fees which may be required in 
connection with this amendment and to credit any overpayment to our Deposit Account No. 03-3 125. 

If a petition for an extension of time is required to make this response timely, this paper 
should be considered to be such a petition, and the Commissioner is authorized to charge the 
requisite fees to our deposit account No. 03-3125. 
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If a telephone interview could advance the prosecution of this application, the Examiner is 
respectfully requested to call the undersigned attorney. 

Entry of this amendment and allowance of this application are respectfully requested. 



Respectfully submitted, 




Reg. No.33,515 
Attorney for Applicants 
Cooper & Dunham LLP 
Tel.: (212) 278-0400 
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